Date: Wed, 25 Oct 2017 15:56:25 +0200
From: Jiri Olsa
To: Ravi Bangoria
Cc: acme@kernel.org, linux-kernel@vger.kernel.org, peterz@infradead.org, mingo@redhat.com, alexander.shishkin@linux.intel.com, namhyung@kernel.org, treeze.taeung@gmail.com, yao.jin@linux.intel.com, kim.phillips@arm.com, naveen.n.rao@linux.vnet.ibm.com
Subject: Re: [RFC] perf tool: Fix memory corruption because of zero length symbols
Message-ID: <20171025135625.GA30082@krava>
References: <1508854806-10542-1-git-send-email-ravi.bangoria@linux.vnet.ibm.com>
In-Reply-To: <1508854806-10542-1-git-send-email-ravi.bangoria@linux.vnet.ibm.com>
List-ID: linux-kernel@vger.kernel.org

On Tue, Oct 24, 2017 at 07:50:06PM +0530, Ravi Bangoria wrote:
> Perf top is often crashing at very random locations on powerpc.
> After investigating, I found the crash only happens when the sample
> is of a zero length symbol. The powerpc kernel has many such symbols
> which do not contain length details in the vmlinux binary, and thus the
> start and end addresses of such symbols are the same.
>
> Structure
>
>     struct sym_hist {
>         u64 nr_samples;
>         u64 period;
>         struct sym_hist_entry addr[0];
>     };
>
> has last member 'addr[]' of size zero. 'addr[]' is an array of
> addresses that belong to one symbol (function). If a function
> consists of 100 instructions, 'addr' points to an array of 100
> 'struct sym_hist_entry' elements. For a zero length symbol, it
> points to the *empty* array, i.e. no members in the array, and
> thus offset 0 is also invalid for such an array.
>
>     static int __symbol__inc_addr_samples(...)
>     {
>         ...
>         offset = addr - sym->start;
>         h = annotation__histogram(notes, evidx);
>         h->nr_samples++;
>         h->addr[offset].nr_samples++;
>         h->period += sample->period;
>         h->addr[offset].period += sample->period;
>         ...
>     }
>
> Here, when 'addr' is the same as 'sym->start', 'offset' becomes 0,
> which is valid for normal symbols but *invalid* for zero length
> symbols, and thus updating h->addr[offset] causes memory corruption.
>
> Fix this by adding one dummy element for zero length symbols.
>
> Fixes: edee44be5919 ("perf annotate: Don't throw error for zero length symbols")
> Signed-off-by: Ravi Bangoria

Acked-by: Jiri Olsa

thanks,
jirka
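The sizing problem behind the crash, written out as a stand-alone C example. This is added illustration, not perf's code and not part of the mail thread: the struct layout follows the quoted description, but the helper names (sym_hist_slots, sym_hist_bytes, inc_addr_samples, record_one_sample) are hypothetical, and the assumption that the histogram is allocated as header plus (end - start) entries models what the patch describes rather than quoting perf's allocator. The bounds check in inc_addr_samples is what the unchecked kernel-tool code lacks; with apply_fix == 0 it rejects the offset-0 write for a zero length symbol instead of corrupting whatever heap object follows the 16-byte header, and with apply_fix == 1 the reserved dummy element makes offset 0 valid.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

typedef uint64_t u64;

/* Per-offset counters, as in perf's struct sym_hist_entry. */
struct sym_hist_entry {
	u64 nr_samples;
	u64 period;
};

/* Header followed by one entry per byte of the symbol. perf declares the
 * trailing member as addr[0] (GNU zero-length array); the C99 flexible
 * array member used here has the same layout. */
struct sym_hist {
	u64 nr_samples;
	u64 period;
	struct sym_hist_entry addr[];
};

/* Number of addr[] slots allocated for a symbol spanning [start, end).
 * apply_fix == 0: pre-fix behaviour, a zero length symbol gets zero slots,
 * so even offset 0 is out of bounds.  apply_fix == 1: reserve one dummy
 * slot, the fix the patch describes.  (Hypothetical helper; perf's real
 * allocation lives elsewhere.) */
static size_t sym_hist_slots(u64 start, u64 end, int apply_fix)
{
	u64 len = end - start;

	if (apply_fix && len == 0)
		len = 1;
	return (size_t)len;
}

/* Total allocation size in bytes for one symbol's histogram. */
static size_t sym_hist_bytes(u64 start, u64 end, int apply_fix)
{
	return sizeof(struct sym_hist) +
	       sym_hist_slots(start, end, apply_fix) * sizeof(struct sym_hist_entry);
}

/* Bounds-checked form of the update in __symbol__inc_addr_samples().
 * Returns 0 when recorded, -1 when offset would index past the allocated
 * slots, i.e. the write the unchecked code performs. */
static int inc_addr_samples(struct sym_hist *h, size_t slots,
			    u64 start, u64 addr, u64 period)
{
	u64 offset;

	if (addr < start)
		return -1;
	offset = addr - start;
	if (offset >= slots)
		return -1;

	h->nr_samples++;
	h->period += period;
	h->addr[offset].nr_samples++;
	h->addr[offset].period += period;
	return 0;
}

/* Allocate a histogram for [start, end) and record one sample at addr.
 * Returns the count now stored at that offset, or -1 if the bounds check
 * rejected the write.  Constructed scenario, not perf code. */
static long record_one_sample(u64 start, u64 end, u64 addr, int apply_fix)
{
	size_t slots = sym_hist_slots(start, end, apply_fix);
	struct sym_hist *h = calloc(1, sym_hist_bytes(start, end, apply_fix));
	long result;

	if (!h)
		return -1;
	if (inc_addr_samples(h, slots, start, addr, 1) < 0)
		result = -1;
	else
		result = (long)h->addr[addr - start].nr_samples;
	free(h);
	return result;
}

int main(void)
{
	/* Constructed symbols: a 100-byte function and a zero length one. */
	u64 f_start = 0x1000, f_end = 0x1064;
	u64 z_start = 0x2000, z_end = 0x2000;

	printf("100-byte symbol: %zu bytes, sample at start -> %ld\n",
	       sym_hist_bytes(f_start, f_end, 1),
	       record_one_sample(f_start, f_end, f_start, 1));
	printf("zero length, before fix: %zu bytes, sample at start -> %ld\n",
	       sym_hist_bytes(z_start, z_end, 0),
	       record_one_sample(z_start, z_end, z_start, 0));
	printf("zero length, after fix:  %zu bytes, sample at start -> %ld\n",
	       sym_hist_bytes(z_start, z_end, 1),
	       record_one_sample(z_start, z_end, z_start, 1));
	return 0;
}
```

Compiled with -fsanitize=address and the bounds check removed from inc_addr_samples, the pre-fix zero length case reports a heap-buffer-overflow on the first write to h->addr[0], which is the same class of defect the powerpc crashes exposed.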